And the academy award goes to…
This blog entry is not about Hollywood, but rather the universities. It is meant to be a short rant about the way that the academy is teaching students.
Lets start with few examples I encountered from a friend of mine, studying for his Computer Engineering degree on one of the “top” academic institutes in Israel, the Technion (similar to the American “MIT”).
Recently my friend was taught in class that every DNS resolve request must go through the root name servers.
As if that’s not bad enough by itself, they actually needed to write a PoC that display and prove the above situation.
But there is one problem. That’s not how DNS resolving works.
I enter www.securiteam.com more then once each day. So why would anyone think that I must go through a root name server? What about local DNS cache (on my own machine)? What about using my ISP to resolve securiteam.com so that when someone else makes that same request it will be locally cached?
In fact, most DNS resolve requests do not go to the root name servers, but rather go to the local ISP, local cache or sometimes even static local definitions such as the hosts file (that exists in both Unix/Linux, and on Microsoft Windows).
And another thing: if I choose to define that www.securiteam.com is actually www.google.com in the hosts file, then when I’ll try to access www.securiteam.com it will actually be resolved as www.google.com!
So where are the root DNS servers in this picture? Well, if I try to resolve a new domain that isn’t locally cached, and is not cached at my ISP’s, my ISP DNS will go to the root servers for me and return the results. Only in that case the request will actually go through root servers and even here I do not interact with them directly (I have no real way of knowing that my ISP did so instead of pulling it from its own cache).
So what happens to all those poor students who study the ‘textbook’ answer that has no real practical use?
Another thing that they have learned is that you can resolve an IP to all of its domain names.
That is only very partially true. There are many, many cases that an IP cannot be resolved to its domain name (if a reverse lookup is not available) and there is no way for me of knowing that for sure if a DNS out there didn’t define another domain name for that IP.
So the university tries to teach its students that we must access the root name servers to resolve DNS names, and that we can enumerate host names from IP’s as the basics of networking.
Next they will teach that the earth is flat, and that the dust ferry creates the electricity from dust created at the Everest peak.